The most pressing WebAuthn issue is Delegation. By iFrame or other method. UVtoken is a CTAP issue. Enterprise Attestation is split between WebAuthn and CTAP. I think that is going to take some time. The first three are being rolled out by people now. Locking those down would be good but they are mostly in CTAP. John B. On Tue, Aug 6, 2019, 6:31 PM Anthony Nadalin <tonynad@microsoft.com> wrote: > Framing for tomorrows schedule discussion: > > > > There are several top priority items that we would like to get done, some > of these have a dependency on CTAP 2.x, some may require changes to > authenticators. Given the fact that WebAuthn Level 1 and CTAP 2.0 were just > released this year, would it be a good idea to release a new version > quickly like 12/2019- 3/2020 or wait until the market has deployed Level 1 > and CTAP 2.0. Need input from browser vendors and authenticator vendors and > anyone else that has an opinion. > > > > Some of the items between WebAuthn and CTAP I hear are important are: > > > > 1. Credential Management > 2. Biometric Enrollment > 3. Cred Protect > 4. UV Token > 5. Enterprise Attestation > 6. Backup/Recovery > 7. FIPS > 8. Any others? > >
Received on Wednesday, 7 August 2019 12:29:46 UTC